Trust Digital Announces Enhanced Device Management and Security For iPhone 3GS
by Bill French on 13/07/09 at 10:31 pm
Bill French is an information architect specializing in Internet applications. He is also the co-founder of MyST Technology Partners and Senior Editor for iPhoneCTO.
(Editor’s Note: Dan Dearing of Trust Digital is an iPhoneCTO contributing editor) Apple’s recent addition of features aimed at the security conscious enterprise that must have “always-on” device encryption, tethering, resource controls and on-demand VPN, is still missing one key element for a successful e-prise strategy; a management console for iPhone 3GS.
While the debate continues for the definition of “enterprise-ready”, Trust Digital is wasting no time establishing its own definition, the EMM Platform, which includes the only enterprise solution providing a centralized management console decoupled from Microsoft Exchange 2007. This makes it possible for IT departments to deploy, manage, secure and control their iPhone OS devices independently of Microsoft Exchange.
Trust Digital’s EMM platform provides a browser-based management console for the iPhone and all other non-Blackberry devices. By removing dependencies on the enterprise email environment, EMM simplifies management and support of iPhone devices for Microsoft Exchange, Lotus Notes and Google Gmail environments.
Another benefit of the EMM platform architecture streamlines activation; iPhone business users can use their email credentials to automatically activate device security policies and configure email, WiFi and VPN settings for secure access to enterprise networks. This approach is made possible with the free and open availability of the EMM Agent available in the app store.
Security Compliance Enforcement
But the real headline is in the security realm – EMM provides granular security compliance enforcement for the iPhone 3GS. Full device loss protection requires pin or password policies to be used with data-at-rest device encryption. This new release performs a compliance check on all user devices before they enter the corporate network, ensuring that only devices with “Passcode Lock” (i.e. pin or password) turned on, are allowed to sync with corporate email resources. The flexibility of this approach allows the platform to be used with both hosted and IT-supported email services – a clear advantage for companies non-Exchange environments (a growing market segment). The EMM Access Manager operates in the DMZ so IT does not have to publish ActiveSync directly to the Internet which provides yet another layer of security.
According to Dan Dearing, vice president of marketing at Trust Digital,
“The iPhone 3GS has the features to be truly enterprise-ready, but the fragmented approach to managing it via Exchange and the Apple iPhone Config Utility misses the mark.”
ARS Technica disagrees with Dearing’s viewpoint citing the 2.0 configuration utility upgrade as a demonstration of “constant improvement“ in Apple’s enterprise strategy. But irrespective of the excitement Trust Digital has for its new baby, there’s no debate that EMM is a significant step that gives iPhone very close parity with RIM’s BES, a very competent and widely adopted enterprise-ready management dashboard.
Follow iPhoneCTO on Twitter for more timely and frequent updates: www.twitter.com/iphonecto
Frank Castle
Jul 16th, 2009
How does this work “independently of Microsoft Exchange” as you need some sort of hook to get to the user mailbox, GAL lookup, sync etc. Regardless great progress and EMM is in a race with Good on the best chance to get iPhone accepted in enterprise.
Two issues though:
Why put in yet another dedicated solution if you already have BES, Exchange, Mobile Device Manager? iPhone is popular but not THAT popular to drop a enterprise size budget to support this.
Our Information Security / Firewall group have outlawed anything being in the DMZ – everything is behind their wall.
Still for companies that are iPhone centric or absolutely need iPhone support this is great progress.
I'd love to know the CAL cost compared to BES / MDM.
dandearing
Jul 17th, 2009
EMM proxies the activesync traffic in the DMZ (or behind the firewall if you chose to deploy that way), so sync traffic is pass transparently to the email server and EMM processes the policy traffic.
If you already have BES, SCMDM and Exchange, why buy another system? BES and SCMDM orphan the iPhone, Palm Pre and Android, so you have to rely on Exchange to carry that burden. Most IT shops would not manage their Blackberrys with Exchange, so why would they start now using the email server as a device management platform (and have to ask the messaging team for console access) for everything else? Exchange also leaves some device management holes – e.g. for the iPhone, you have to also rely on the Apple config utility which does not integrate with AD for group based policies.
EMM pricing is comparable to BES pricing. Happy to trial it for you — it will answer all your questions
dandearing
Jul 17th, 2009
EMM proxies the activesync traffic in the DMZ (or behind the firewall if you chose to deploy that way), so sync traffic is pass transparently to the email server and EMM processes the policy traffic.
If you already have BES, SCMDM and Exchange, why buy another system? BES and SCMDM orphan the iPhone, Palm Pre and Android, so you have to rely on Exchange to carry that burden. Most IT shops would not manage their Blackberrys with Exchange, so why would they start now using the email server as a device management platform (and have to ask the messaging team for console access) for everything else? Exchange also leaves some device management holes – e.g. for the iPhone, you have to also rely on the Apple config utility which does not integrate with AD for group based policies.
EMM pricing is comparable to BES pricing. Happy to trial it for you — it will answer all your questions